Sunday, April 15, 2012

Blackbox DOM-based XSS Scanner

Introduction:Ra.2
- Blackbox DOM-based XSS Scanner is our approach towards finding a
solution to the problem of detecting DOM-based Cross-Site Scripting
vulnerabilities in Web-Application automatically, effectively and fast.
Ra.2 is basically a lighweight Mozilla Firefox Add-on that uses a very
simple yet effective and unique approach to detect most DOM-based XSS
vulnerabilities, if not all.

Being a browser-add on it is a
session-aware tool which can scan a web-application that requires
authentication. Ra.2 uses custom collected list of XSS vectors which has
been heavily modified to be compatible with its scanning technology.
The add-on also implements basic browser intrumentation to simulate a
human interaction to trigger some hard to detect DOM-based XSS
conditions.